8262 matches found
WordPress plugin Kali Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-2002
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2002
CVE-2026-2002 is a Stored Cross-Site Scripting vulnerability in Forminator Forms – Contact Form, Payment Form & Custom Form Builder for WordPress. It affects all versions up to and including 1.50.2 and arises from insufficient input sanitization and output escaping of the form_name parameter. Wit...
CVE-2026-2002
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2002 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2002 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-8396
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
WordPress Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin = 1.50.2 - Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Tiến Dũng Nguyễn in WordPress Plugin Forminator versions = 1.50.2...
WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription' vulnerability
Missing Authorization in 'ptcancelsubscription' vulnerability discovered by WordFence in WordPress Plugin Paytium versions = 4.3.7...
EUVD-2026-6123
The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...
CVE-2026-0929
The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...
Kubysoft 跨站脚本漏洞
Kubysoft is an IT asset management software developed by the Spanish company Kubysoft. Kubysoft has a cross-site scripting vulnerability. This vulnerability stems from multiple parameters in the /forms/app endpoint, which are vulnerable to storage-based cross-site scripting attacks. This may allo...
PT-2026-8313
The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...
CVE-2026-2022
The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-2022
The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-2022
CVE-2026-2022 concerns WordPress plugin Smart Forms. The vulnerability is a missing capability check on the AJAX action rednao_smart_forms_get_campaigns, affecting all versions up to and including 2.6.99. This allows authenticated attackers with Subscriber-level access and above to retrieve donat...
CVE-2026-2022 Smart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure
The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-2022
The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-2022 Smart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure
The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...